CISM Audible Exam Quiz Phil Martin

Question 1

standard

Answer 1

tells how to carry out a policy

Question 2

procedure

Answer 2

clear list of steps required to accomplish a task

Question 3

procedure defines 4 things

Answer 3

required conditions

information displayed

expected outcome

what to do when unexpected happens

Question 4

biased assimilation

Answer 4

when we accept only facts that support our perspective

Question 5

risk appetite

Answer 5

amount of risk a business is willing to incur

Question 6

risk tolerance

Answer 6

amount of deviation from the risk appetite that a business considers acceptable

Question 7

risk capacity

Answer 7

amount of risk a business can absorb without dying

Question 8

3 phases of octave

Answer 8

locate all assets, build threat profile
locate all network paths and it components
assign risk to each asset and decide what to do with it

Question 9

operationally critical threat asset and vulnerability evaluation (OCTAVE)

Answer 9

risk approach for when you need well established process to id, prioritize and manage risk

Question 10

Bowtie analysis

Answer 10

risk approach that creates a visual diagram with the event in the middle (knot)